8e96a3074c2b610c461c78399c2de7d41c1c5164c1c222e78fe1f62b7bd3b951 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

16_com.rain.bow.rainbow.money.cash.loan.money.cept.dfs.in.loan_base.apk
Size

6.5MB
Sample

230830-mr9gxsec6y
MD5

2dacd4e7129a5d95352dedafd0074c7d
SHA1

f13e751a615d69d96d640bfb86a5519a3814982d
SHA256

8e96a3074c2b610c461c78399c2de7d41c1c5164c1c222e78fe1f62b7bd3b951
SHA512

448cc633696215268118ff57793322f3c2f2e6886d919efee46bad91c58630dc74fe09727e125f781aefee0145365bcc8b311b4bb12cab0886207d58fe2ce0b1
SSDEEP

196608:71vmNQyHs9CDVaGP7mdm4CrzP5vSbzDo8ORDz6JO:71vDP9gVHypAvS7gUJO

Score

7^/10

android evasion ransomware

Malware Config

Targets

- Target
  
  16_com.rain.bow.rainbow.money.cash.loan.money.cept.dfs.in.loan_base.apk
- Size
  
  6.5MB
- MD5
  
  2dacd4e7129a5d95352dedafd0074c7d
- SHA1
  
  f13e751a615d69d96d640bfb86a5519a3814982d
- SHA256
  
  8e96a3074c2b610c461c78399c2de7d41c1c5164c1c222e78fe1f62b7bd3b951
- SHA512
  
  448cc633696215268118ff57793322f3c2f2e6886d919efee46bad91c58630dc74fe09727e125f781aefee0145365bcc8b311b4bb12cab0886207d58fe2ce0b1
- SSDEEP
  
  196608:71vmNQyHs9CDVaGP7mdm4CrzP5vSbzDo8ORDz6JO:71vDP9gVHypAvS7gUJO
Score

7^/10

evasion ransomware
- Requests cell location
  Uses Android APIs to to get current cell information.
- Reads information about phone network operator.
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

evasionransomware

behavioral2

evasionransomware

behavioral3